[undertow-dev] Undertow Security: PicketBox5

David M. Lloyd david.lloyd at redhat.com
Tue Nov 13 17:40:29 EST 2012


On 11/13/2012 04:32 PM, Anil Saldhana wrote:
> Hi All,
>     I was not aware of this mailing list until today.
>
> 3-4 months ago, we rewrote PicketBox5 to be a generic security framework.
> https://docs.jboss.org/author/display/SECURITY/Java+Application+Security
> https://github.com/picketbox/picketbox
>
> We neither have JAAS stuff nor Servlet Security
> (FORM,DIGEST,CLIENT-CERT,BASIC) tied to Tomcat Authenticators.
> I am wondering if there is a scope for using PicketBox5 with Undertow.
> Also there is no tie in into any containers in
> PicketBox5.

In a word: why?

What does PicketBox provide that Undertow needs?  I'd be highly 
skeptical unless it's clear what requirements were fed *into* PicketBox 
to begin with.  We know what we need; the burden of justification lies 
on you in this case.

> The test cases that you may want to review:
> https://github.com/picketbox/picketbox/tree/master/http/src/test/java/org/picketbox/test/authentication/http
>
> Maybe Stefan from our side can help out.  I would guess we can produce a
> prototype branch with undertow + PBox5.
>
> Regards,
> Anil
>
> PS: Feedback from *Jason Greene*: I'll let Stuart and Darran comment,
> but my thinking is that we want to greatly limit the dependencies of
> standalone undertow. Integration in AS is a different story though. I
> would imagine this means some kind of SPI between undertow and the
> container.
> _______________________________________________
> undertow-dev mailing list
> undertow-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/undertow-dev
>


-- 
- DML


More information about the undertow-dev mailing list